Intrusion detection and prevention

Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network or system activities for malicious activity and act on them. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity.

IDPS are primarily focused on identifying possible incidents, logging information about them, and reporting them to an administrator or security information and event management (SIEM) system. In addition, organisations use IDPS for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. They can use different types of detection systems, mostly signature-based detection, (statistical) anomaly-based detection, stateful protocol analysis detection and reputation-based detection. Placement of the IDPS in your infrastructure is important and determines its potential effect, it can be part of or near to the firewall (edge of the network) or within the network itself.

Related Keywords: Unified Threat Management, anomaly detection, DNS analytics, network intrusion detection systems (NIDS), Network-based intrusion prevention system (NIPS), host-based intrusion detection systems (HIDS), Host-based intrusion prevention system (HIPS), network traffic analysis (NTA), Network behavior analysis (NBA), Wireless intrusion prevention system (WIPS), Protocol-based intrusion detection system (PIDS)